/* aes.h - TinyCrypt interface to an AES-128 implementation */

/*
    Copyright (C) 2017 by Intel Corporation, All Rights Reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

      - Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

      - Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.

      - Neither the name of Intel Corporation nor the names of its contributors
      may be used to endorse or promote products derived from this software
      without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
    LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

/**
    @file
    @brief -- Interface to an AES-128 implementation.

    Overview:   AES-128 is a NIST approved block cipher specified in
                FIPS 197. Block ciphers are deterministic algorithms that
                perform a transformation specified by a symmetric key in fixed-
                length data sets, also called blocks.

    Security:   AES-128 provides approximately 128 bits of security.

    Usage:      1) call tc_aes128_set_encrypt/decrypt_key to set the key.

                2) call tc_aes_encrypt/decrypt to process the data.
*/

#ifndef __TC_AES_H__
#define __TC_AES_H__

#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

#define Nb (4)  /* number of columns (32-bit words) comprising the state */
#define Nk (4)  /* number of 32-bit words comprising the key */
#define Nr (10) /* number of rounds */
#define TC_AES_BLOCK_SIZE (Nb*Nk)
#define TC_AES_KEY_SIZE (Nb*Nk)

typedef struct tc_aes_key_sched_struct
{
    unsigned int words[Nb*(Nr+1)];
}* TCAesKeySched_t;

/**
    @brief Set AES-128 encryption key
    Uses key k to initialize s
    @return  returns TC_CRYPTO_SUCCESS (1)
             returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
    @note       This implementation skips the additional steps required for keys
                larger than 128 bits, and must not be used for AES-192 or
                AES-256 key schedule -- see FIPS 197 for details
    @param      s IN/OUT -- initialized struct tc_aes_key_sched_struct
    @param      k IN -- points to the AES key
*/
int tc_aes128_set_encrypt_key(TCAesKeySched_t s, const uint8_t* k);

/**
    @brief AES-128 Encryption procedure
    Encrypts contents of in buffer into out buffer under key;
                schedule s
    @note Assumes s was initialized by aes_set_encrypt_key;
                out and in point to 16 byte buffers
    @return  returns TC_CRYPTO_SUCCESS (1)
             returns TC_CRYPTO_FAIL (0) if: out == NULL or in == NULL or s == NULL
    @param out IN/OUT -- buffer to receive ciphertext block
    @param in IN -- a plaintext block to encrypt
    @param s IN -- initialized AES key schedule
*/
int tc_aes_encrypt(uint8_t* out, const uint8_t* in,
                   const TCAesKeySched_t s);

/**
    @brief Set the AES-128 decryption key
    Uses key k to initialize s
    @return returns TC_CRYPTO_SUCCESS (1)
            returns TC_CRYPTO_FAIL (0) if: s == NULL or k == NULL
    @note       This is the implementation of the straightforward inverse cipher
                using the cipher documented in FIPS-197 figure 12, not the
                equivalent inverse cipher presented in Figure 15
    @warning    This routine skips the additional steps required for keys larger
                than 128, and must not be used for AES-192 or AES-256 key
                schedule -- see FIPS 197 for details
    @param s  IN/OUT -- initialized struct tc_aes_key_sched_struct
    @param k  IN -- points to the AES key
*/
int tc_aes128_set_decrypt_key(TCAesKeySched_t s, const uint8_t* k);

/**
    @brief AES-128 Encryption procedure
    Decrypts in buffer into out buffer under key schedule s
    @return returns TC_CRYPTO_SUCCESS (1)
            returns TC_CRYPTO_FAIL (0) if: out is NULL or in is NULL or s is NULL
    @note   Assumes s was initialized by aes_set_encrypt_key
            out and in point to 16 byte buffers
    @param out IN/OUT -- buffer to receive ciphertext block
    @param in IN -- a plaintext block to encrypt
    @param s IN -- initialized AES key schedule
*/
int tc_aes_decrypt(uint8_t* out, const uint8_t* in,
                   const TCAesKeySched_t s);

#ifdef __cplusplus
}
#endif

#endif /* __TC_AES_H__ */
